﻿@article{
aranya:TRACEFS,
   Author = {Aranya, A. and Wright, C. P. and Zadok, E.},
   Title = {Tracefs: A File System to Trace Them All},
      Year = {2004} }



@article{
balon:CIF,
   Author = {Balon, N. and Stovall, R. and Scaria, T.},
   Title = {Computer Intrusion Forensics Research Paper},
      Year = {} }



@article{
bauer:SYSLOG,
   Author = {Bauer, M.},
   Title = {Paranoid Penguin: syslog Configuration},
   Journal = {Linux Journal},
   Volume = {2001},
   Number = {92},
      Year = {2001} }



@article{
cantrill:DIPS,
   Author = {Cantrill, B. M. and Shapiro, M. W. and Leventhal, A. H.},
   Title = {Dynamic instrumentation of production systems},
      Year = {2004} }



@article{
cornell:WAYBACK,
   Author = {Cornell, B. and Dinda, P. A. and Bustamante, F. E.},
   Title = {Wayback: A User-level Versioning File System for Linux},
   Journal = {Proceedings of Usenix Annual Technical Conference, FREENIX Track},
   Pages = {19–28},
      Year = {2004} }



@article{
desnoyers:LTTNG,
   Author = {Desnoyers, M. and Dagenais, M. R.},
   Title = {The lttng tracer: A low impact performance and behavior monitor for GNU/Linux},
   Journal = {OLS (Ottawa Linux Symposium)},
   Pages = {209–224},
      Year = {2006} }



@article{
dunlap:REVIRT,
   Author = {Dunlap, G. W. and King, S. T. and Cinar, S. and Basrai, M. A. and Chen, P. M.},
   Title = {ReVirt: enabling intrusion analysis through virtual-machine logging and replay},
   Journal = {ACM SIGOPS Operating Systems Review},
   Volume = {36},
   Pages = {211-224},
      Year = {2002} }



@misc{
eigler:SYSTEMTAP,
   Author = {Eigler, F. C. and Prasad, V. and Cohen, W. and Nguyen, H. and Hunt, M. and Keniston, J. and Chen, B.},
   Title = {Architecture of systemtap: a Linux trace/probe tool},
   URL = {http://sourceware.org/systemtap/archpaper.pdf},
         Year = {2005} }



@article{
garfinkel:TRAPS,
   Author = {Garfinkel, T.},
   Title = {Traps and Pitfalls: Practical Problems in System Call Interposition Based Security Tools},
   Journal = {Proceedings of the Network and Distributed Systems Security Symposium},
      Year = {2003} }



@article{
goel:FORENSIX,
   Author = {Goel, A. and Feng, W. C. and Maier, D. and Walpole, J.},
   Title = {Forensix: a robust, high-performance reconstruction system},
   Journal = {Distributed Computing Systems Workshops, 2005. 25th IEEE International Conference on},
   Pages = {155-162},
      Year = {2005} }



@article{
hiramatus:DJPROBE,
   Author = {Hiramatsu, M. and Oshima, S.},
   Title = {Djprobe—Kernel probing with the smallest overhead},
   Journal = {Linux Symposium},
      Year = {2007} }



@article{
keniston:PTRACE,
   Author = {Keniston, J. and Mavinakayanahalli, A. and Panchamukhi, P. and Prasad, V.},
   Title = {Ptrace, Utrace, Uprobes: Lightweight, Dynamic Tracing of User Apps},
   Journal = {Linux Symposium},
      Year = {2007} }



@article{
king:BACKTRACKING,
   Author = {King, S. T. and Chen, P. M.},
   Title = {Backtracking intrusions},
   Journal = {ACM Transactions on Computer Systems (TOCS)},
   Volume = {23},
   Number = {1},
   Pages = {51-76},
      Year = {2003} }



@article{
knight:VULNERABILITIES,
   Author = {Knight, E.},
   Title = {Computer Vulnerabilities},
      Year = {2000} }



@article{
krishnakumar:KPROBE,
   Author = {Krishnakumar, R.},
   Title = {Kernel korner: kprobes-a kernel debugger},
   Journal = {Linux Journal},
   Volume = {2005},
   Number = {133},
      Year = {2005} }



@misc{
sun:VIRTUALBOX,
   Author = {Microsystems, S.},
   Title = {VirtualBox},
   URL = {http://www.virtualbox.org},
         Year = {} }



@article{
pohlack:RTSMON,
   Author = {Pohlack, M. and Dobel, B. and Lackorzynski, A.},
   Title = {Towards Runtime Monitoring in Real-Time Systems},
   Journal = {Proceedings of the Eighth Real-Time Linux Workshop},
      Year = {2006} }



@article{
rekhis:TADISI,
   Author = {Rekhis, S.},
   Title = {Theoretical Aspects of Digital Investigation of Security Incidents},
      Year = {} }



@article{
rogers:FORENSICS,
   Author = {Rogers, M.},
   Title = {COMPUTER FORENSICS: EVIDENCE HANDLING & MANAGEMENT},
      Year = {} }



@article{
salvador:IDS,
   Author = {Salvador, J. A. F.},
   Title = {An intrusion detection system based in the gathering of Linux Syslog Logs from Linux, Windows NT and Snort},
      Year = {2003} }



@article{
sarmoria:MMF,
   Author = {Sarmoria, C. G. and Chapin, S. J.},
   Title = {Monitoring access to shared memory-mapped files},
   Journal = {Proc. of the 2005 Digital Forensics Research Workshop (DFRWS). New Orleans},
      Year = {2005} }



@article{
spitzner:KYE,
   Author = {Spitzner, L.},
   Title = {Know Your Enemy: A Forensic Analysis},
   Journal = {URL: http://www.securityfocus.com/focus/ih/articles/foranalysis.html},
      Year = {2000} }



@article{
stallings:NETCRYPTO,
   Author = {Stallings, W.},
   Title = {Cryptography and Network Security},
      Year = {2003} }



@article{
tan:READINESS,
   Author = {Tan, J.},
   Title = {Forensic Readiness},
   Journal = {The CanSecWest Computer Security Conference, April},
      Year = {2001} }



@article{
wisniewski:MULTIPROC,
   Author = {Wisniewski, R. W. and Rosenburg, B.},
   Title = {Efficient, Unified, and Scalable Performance Monitoring for Multiprocessor Operating Systems},
   Journal = {Supercomputing, 2003 ACM/IEEE Conference},
   Pages = {3-3},
      Year = {2003} }



@article{
zanussi:RELAYFS,
   Author = {Zanussi, T. and Yaghmour, K. and Wisniewski, R. and Moore, R. and Dagenais, M.},
   Title = {relayfs: An Efficient Unified Approach for Transmitting Data from Kernel to User Space},
   Journal = {Linux Symposium},
      Year = {2003} }



@article{
mohan:REPOFS,
   Author = {Mohan, P. and Aanjhan, R.},
   Title = {Mounting of Version Control Repositories: RepoFS},
   Journal = {High Performance Computing-HiPC 2006},
      Year = {2006} }



@article{
letscher:CARBON,
   Author = {Letscher, D.},
   Title = {Carbon Copy Filesystem: A Real Time Snapshot Filesystem Layer},
      Year = {2006} }



@misc{
sun:ZFS,
   Author = {Microsystems, S.},
   Title = {ZFS: The last word in file systems},
         Year = {} }



@misc{
vmware,
   Author = {VMWare, Inc.},
   Title = {VM Ware},
   URL = {http://www.vmware.com},
         Year = {} }



@misc{
symantec:GHOST,
   Author = {Sysmantec, Corp.},
   Title = {Norton Ghost},
   URL = {http://www.symantec.com/norton/ghost},
         Year = {} }



@misc{
cederqvist:CVS,
   Author = {Cederqvist, P.},
   Title = {Version Management with CVS},
   Publisher = {Network Theory Ltd.},
         Year = {2002} }



@book{
collins-sussman:SVN,
   Author = {Collins-Sussman, B. and Fitzpatrick, B. W. and Pilato, C. M.},
   Title = {Version Control with Subversion},
   Publisher = {O'Reilly Media, Inc.},
      Year = {2004} }



@article{
BAZAAR,
   Title = {Bazaar Distributed VCS},
      Year = {} }



@misc{
GIT,
   Title = {Git},
   URL = {http://git.or.cz/},
         Year = {} }



@misc{
osullivan:MERCURIAL,
   Author = {O’Sullivan, B.},
   Title = {Distributed revision control with Mercurial},
         Year = {2006} }



@book{
love:LINUXSYSPROG,
   Author = {Love, Robert},
   Title = {Linux System Programming: Talking Directly to the Kernel and C Library},
   Publisher = {O'Reilly Media, Inc.},
      Year = {2007} }



@book{
bovet:ULK,
   Author = {Bovet, D. P. and Cesati, M.},
   Title = {Understanding the Linux Kernel},
   Publisher = {O'Reilly Media, Inc.},
      Year = {2005} }



@book{
mitnick:DECEPTION,
   Author = {Mitnick, K. D. and Simon, W. L.},
   Title = {The Art of Deception: Controlling the Human Element of Security},
   Publisher = {Wiley},
      Year = {2002} }



